That's right! - Alarm bells should start to ring if you find any file wants
to be run from a TEMP directory (except for in the midst of a program's
installation 'setup', perhaps).

The normal location for [CSRSS.EXE] in the [system32] folder.

It was probably a virus which switched the correct path in the registry for
[csrss.exe] to it's own bogus version residing in the TEMP directory...
The 'real' [csrss.exe] file probably didn't go anywhere - it was just that
it's registered path had been altered.

You have tried, of course, running a *full* scan with your installed
Anti-Virus Software?

==

Cheers, Tim Meddick, Peckham, London. :-)




"Jeremy Nicoll - news posts" wrote
in message nvalid...
Lee wrote:

There are 2 messages:
"Windows cannot find C:\DOCUME~1\User\LOCALS~1\Temp\csrss.exe. ..."
and
"Could not load or run C:\DOCUME~1\User\LOCALS~1\Temp\csrss.exe. ..."

That's odd; I'd not expect anything to be trying to use a file in

...\Temp\...

as you log in, unless - say - you'd been uninstalling a product and it

a) told you you needed to reboot (so it could perhaps do some
file renames or deletes as the system is rebooted), and

b) set up (in the registry) a command to run that program next time
you booted, and

c) before rebooting, you manually, or some program that clears up
temporary files etc, deleted something from \Temp\

If you know how to look at the eventlogs, is it possible to find out what
task/process was looking for csrss.exe ?

Google suggests that csrss.exe is part of Windows, provided it's the copy
in
C:\WINDOWS\system32. Perhaps the one in \Temp\ is infected?


Do you have antivirus software?

Have you run anti-malware scans?

--
Jeremy C B Nicoll - my opinions are my own.

Email sent to my from-address will be deleted. Instead, please reply
to replacing "aaa" by "284".